LGTM1, very happy to see this make progress! It's unfortunate that rolling this out with Finch and enterprise policy does not look feasible, but very good that we still have a kill switch. Keep a close eye on incoming bugs will also be important.
Good luck! :D On Thu, Aug 8, 2024 at 10:09 AM Hayato Ito <hay...@chromium.org> wrote: > Contact emails > > hay...@chromium.org > > Explainer > > http://bit.ly/url-non-special > > Specification > > https://url.spec.whatwg.org/ <https://url.spec.whatwg.org/#url-parsing> > > Summary > > Support non-special scheme URLs. > > Previously, Chromium's URL parser didn't handle non-special scheme URLs > properly. It treated these URLs as “opaque paths”, which didn’t align with > the URL Standard. > > Now, Chromium’s URL parser correctly processes non-special URLs. > > Examples: > > Before: > > > const url = new URL("git://host/path"); > > > url.host > > "" > > > url.pathname > > "//host/path" > > > url.host = "newhost"; > > > url.host > > "" > > > const url = new URL("git://a b/path"); > > > url.pathname > > "//a b/path" > > > After: > > > const url = new URL("git://host/path"); > > > url.host > > "host" > > > url.pathname > > "/path" > > > url.host = "newhost"; > > > url.host > > "newhost" > > > url.href > > "git://newhost/path" > > > const url = new URL("git://a b/path"); > > => throws Exception. // A space character is not allowed as a hostname. > > See http://bit.ly/url-non-special for more details. > > > As part of our Interop 2024 efforts, this change delivers the following > improvements: > > - > > Boosts WPT URL Score: 936 previously failing subtests in the WPT URL > tests (link > > <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.ji1rj1k19sgh>) > now pass, raising the score from 87.0% to 94.7%. > - > > Fixes code relying on incorrect URL behavior: 527 tests (link > > <https://docs.google.com/spreadsheets/d/1Pqw1iKXK_lxHj-kLIAeRFs-khFz-BPZDio1W7SgEVE4/edit?usp=sharing>) > and related code in Chromium that depended on the previous behavior are now > fixed or mitigated, including: > - > > Web tests that relied on non-compliant non-special URL behavior > (e.g. “javascript://a b” URL) > - > > Non-special schemes used internally by Chromium code base, > including ChromeOS (e.g. “steam:”, “materialized-view://”, > “cros-apps://”) > > > > Blink component > > Internals>Network > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork> > > TAG review > > Not applicable > > Risks > > Interoperability and Compatibility > > Since Safari and Firefox already support non-special scheme URLs, the > likelihood of public websites breaking due to this change is likely low. > See here > <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0> > for a rough estimation of the non-special scheme URL usages. > > Gecko: Shipped > > WebKit: Shipped > > Web developers: Generally seems positive. > > Some signals (from interop 2024 discussions > <https://github.com/web-platform-tests/interop/issues/424>) are: > > - > > > Confusion because URL parsers across Blink, Gecko, WebKit, Node, and > Deno do not interop well. The root cause is nearly always parser bugs in > Blink or Gecko: https://twitter.com/oleg008/status/1699087223751073883 > > > - > > > URL is very widely used - custom schemes are commonly used for links > to native apps, or when dealing with developer tooling like databases. They > may also become exceedingly more common with import maps. > > > Other potential risks and assessments: > > > - > > Enterprise usage: It's difficult to predict how non-special URLs are > used in the wild, especially by enterprise customers with in-house apps. > While adding an Enterprise Policy was considered to mitigate risks, > technical limitations make it difficult to support URLs. See > http://bit.ly/url-non-special for more info. We'll disable the feature > with Finch (StandardCompliantNonSpecialSchemeURLParsing flag) in case this > causes serious issues. > - > > Impacts on well-known non-special schemes: See here > > <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.k3rirdjyomw6> > for the impacts on “javascript://”, “data:”, and so on. > - > > Impacts on dependent components: This change affects components > relying on URL behavior, like Origin > <https://url.spec.whatwg.org/#origin>. See the Security section below. > > > > Security > > In Chromium, GURL, KURL, and web-facing URL APIs share the common URL > parser backends, which reside in //url. As a result, this web-facing change > will also affect core components like url::Origin, kurl::SecurityOrigin. > > For detailed information on how url::Origin, kurl::SecurityOrigin, and > web-facing url.origin are impacted, please refer to this CL’s description > <https://chromium-review.googlesource.com/c/chromium/src/+/5309015>. > > TL;DR. This is a complex issue due to historical reasons. While most > components remain unaffected, there are some nuances, particularly > regarding the “Android WebView Hack”. We’ve preserved the current Origin > behavior for Android WebView. > > WebView application risks > > Beyond the aforementioned "Android WebView Hack", there are no other > changes specific to WebView. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > Yes. > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > Yes (dashboard > <https://wpt.fyi/results/url?label=master&label=experimental&product=chrome&product=firefox&product=safari&aligned&view=interop&q=label%3Ainterop-2023-url> > ) > > Flag name > > StandardCompliantNonSpecialSchemeURLParsing > > Requires code in //chrome? > > False > > Tracking bug > > https://crbug.com/1416006 > > Estimated milestones > > M130 > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5201116810182656 > > Links to previous Intent discussions > > Previous I2S > <https://groups.google.com/a/chromium.org/g/blink-dev/c/wYuPrIQzDTA/m/uoL4bXR2BgAJ>. > The previous I2S mail was sent last year but please consider this intent > to ship as a new one. > > > -- > Hayato > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYdo4SEr05zmLKj4U4OD3f8Gx0taa-7B%3D-5n1K69b6_mgw%40mail.gmail.com.
